1. Field of the Invention
The present invention relates to a network unauthorized access preventing system and network unauthorized access preventing apparatus that prevent unauthorized access to a network by an apparatus detected as not being authorized to access the network, by sending that apparatus a packet carrying a spoofed ARP (Address Resolution Protocol) entry.
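The mechanism named above, a packet carrying a spoofed ARP entry, is a frame that rebinds an IP address to a different MAC address in the receiver's ARP cache. The following is an added example, not code from the patent, showing what such a frame looks like on the wire and how a monitor on the same segment would recognise one: it parses Ethernet/ARP frames and flags a reply whose sender MAC disagrees with the frame's source MAC, or that rebinds an IP already learned with another MAC. All addresses, the `ArpWatcher` class and the `make_arp_frame` helper are assumptions constructed for the example; the frames are built in memory only and nothing is transmitted.

```python
"""Offline detector for spoofed ARP replies (added example, not part of the patent text)."""
import struct

ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")    # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def make_arp_frame(eth_src, oper, sha, spa, tha, tpa, eth_dst="ff:ff:ff:ff:ff:ff"):
    """Build an Ethernet+ARP frame as bytes. Used here only to construct sample
    input for the parser below (hypothetical helper); nothing is sent on any interface."""
    eth = ETH_HDR.pack(mac_bytes(eth_dst), mac_bytes(eth_src), ETHERTYPE_ARP)
    arp = ARP_PKT.pack(1, 0x0800, 6, 4, oper,
                       mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))
    return eth + arp


def parse_arp(frame):
    """Return a dict of ARP fields, or None if the frame is not a well-formed
    IPv4-over-Ethernet ARP packet."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        return None
    _eth_dst, eth_src, etype = ETH_HDR.unpack_from(frame, 0)
    if etype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac_str(eth_src), "oper": oper, "sha": mac_str(sha),
            "spa": ip_str(spa), "tha": mac_str(tha), "tpa": ip_str(tpa)}


class ArpWatcher:
    """Learns IP->MAC bindings from ARP replies and reports two spoof indicators:
    a reply whose ARP sender MAC differs from the Ethernet source MAC, and a reply
    that rebinds an IP already bound to a different MAC."""

    def __init__(self):
        self.bindings = {}  # sender IP -> sender MAC

    def observe(self, frame):
        arp = parse_arp(frame)
        if arp is None or arp["oper"] != ARP_REPLY:
            return []
        alerts = []
        if arp["sha"] != arp["eth_src"]:
            alerts.append(f"sender MAC {arp['sha']} differs from frame source {arp['eth_src']}")
        known = self.bindings.get(arp["spa"])
        if known is not None and known != arp["sha"]:
            alerts.append(f"{arp['spa']} rebound from {known} to {arp['sha']}")
        self.bindings[arp["spa"]] = arp["sha"]
        return alerts


# Constructed sample traffic (documentation addresses, not real hosts): a legitimate
# gateway reply, a reply rebinding the gateway IP to another MAC, an ordinary request,
# and a reply whose ARP sender MAC does not match the frame's source MAC.
GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "02:00:00:00:00:01"
HOST_IP, HOST_MAC = "192.0.2.50", "02:00:00:00:00:50"
OTHER_MAC = "02:00:00:00:00:99"

SAMPLE_FRAMES = [
    make_arp_frame(GATEWAY_MAC, ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP, eth_dst=HOST_MAC),
    make_arp_frame(OTHER_MAC, ARP_REPLY, OTHER_MAC, GATEWAY_IP, HOST_MAC, HOST_IP, eth_dst=HOST_MAC),
    make_arp_frame(HOST_MAC, ARP_REQUEST, HOST_MAC, HOST_IP, "00:00:00:00:00:00", GATEWAY_IP),
    make_arp_frame(OTHER_MAC, ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP, eth_dst=HOST_MAC),
]


def run_sample():
    """Feed the constructed frames through one watcher; returns all alerts in order."""
    watcher = ArpWatcher()
    alerts = []
    for frame in SAMPLE_FRAMES:
        alerts.extend(watcher.observe(frame))
    return alerts


if __name__ == "__main__":
    for alert in run_sample():
        print("ALERT:", alert)
```

The first sample frame is accepted silently, the second raises a rebinding alert, the request is ignored, and the last frame raises both a MAC-mismatch alert and a second rebinding alert. A real monitor would read frames from a capture interface instead of `SAMPLE_FRAMES`, and would treat a rebinding as suspicious only after allowing for legitimate changes such as DHCP reassignment.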
2. Description of the Related Art
Recently, information processing of various types has been greatly streamlined by networks such as the Internet, intranet, etc., in various environments such as companies, public offices, schools, households, etc. These networks are therefore indispensable as contemporary infrastructures.
In the meantime, computer viruses spread over these networks destroy important information, and networks are accessed without authorization, increasing the risk of information leakage. Improving network security is therefore an important social issue.
Under these circumstances, much research and development has been devoted to apparatuses for preventing unauthorized access to networks.
For example, Unexamined Japanese Patent Application KOKAI Publication No. 2002-73433 proposes an apparatus that detects an intrusion from a packet, takes measures such as disconnecting communication if an unauthorized packet is detected, and automatically lifts the disconnection if no unauthorized packet is detected.
Unexamined Japanese Patent Application KOKAI Publication No. 2003-99339 proposes an apparatus using a filter-type IDS (Intrusion Detection System) function, which can immediately drop a potentially malicious IP (Internet Protocol) packet and can also drop IP packets detected as being addressed in bulk to the IDS function itself.
However, conventional network unauthorized access preventing apparatuses as described above have the following problems.
In the case of an apparatus that prevents unauthorized access by having its hubs perform filtering when an intrusion is detected, every hub must be equipped with a filtering function, which increases cost.
This is true not only where a hub determines whether a packet is an intrusion based on its sender's IP address, but also where, as in the apparatus proposed in Unexamined Japanese Patent Application KOKAI Publication No. 2002-73433, the packet itself is analyzed to determine whether it is an intrusion.
Further, where a plurality of hubs from different vendors are used in a network, the filtering functions and management procedures of the hubs vary from vendor to vendor. Management means must then be prepared for each type of hub, which further increases cost.
There is also an apparatus that prevents unauthorized access by changing the settings of a VPN (Virtual Private Network) apparatus or firewall when an intrusion is detected. Although such an apparatus can prevent unauthorized access from outside, it cannot prevent unauthorized access originating inside the network.
Further, there is an apparatus that prevents unauthorized access by sending a TCP (Transmission Control Protocol) reset packet when an intrusion is detected. With such an apparatus, if the intruder uses a protocol such as HTTP (Hyper Text Transfer Protocol), in which a data transfer completes in a short time, the intruder's data has already been fully transmitted by the time the reset packet is sent. Prevention of unauthorized access therefore does not take effect in time.